McAfee VCLCDE-AA-DA Product Guide - Page 18
Scanning files in remote storage, Scanning NTFS streams, Scanning protected files, Table 3-1
![]() |
View all McAfee VCLCDE-AA-DA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 18 highlights
VirusScan® Command Line 5.20.0 Product Guide 3 Using the Command-Line Scanner Scanning files in remote storage Scanning files in remote storage Under some Microsoft Windows systems, files that are not in frequent use can be stored in a remote storage system, such as the Hierarchical Storage Management (HSM) system. However, when the files are scanned using the /DOHSM option, those files become in use again. To prevent this effect, you can include the /NORECALL option. In combination, these options request the stored file for scanning, but the file continues to reside in remote storage. The file is not transported back to local storage. Scanning NTFS streams Some known methods of file infection add the virus body at the beginning or the end of a host file. However, a stream virus exploits the NTFS multiple data streams feature in Windows NT and more recent Windows operating systems. For example, a Windows 95 or Windows 98 FAT file has only one data stream - the program code or data itself. In NTFS, users can create any number of data streams within the file - independent executable program modules, as well as various service streams such as file access rights, encryption data, and processing time. Unfortunately, some streams might contain viruses. The scanner can detect a stream virus in one of two ways; you can specify the full stream name, or you can include /STREAMS and specify either no stream name, or a part of a stream name using the wildcard characters ? and *. The following table shows the effect of different commands on a stream called FILE:STREAM that contains a virus. Table 3-1 Scanning streams Command SCAN /ALL /STREAMS FILE SCAN /ALL FILE:STREAM SCAN /ALL /STREAMS FILE:STREAM SCAN /ALL FILE:STR* SCAN /ALL /STREAMS FILE:STR* SCAN /ALL FILE Action All streams were scanned. The virus is detected. The exact stream name was specified. The virus is detected. The exact stream name was specified. The virus is detected. An exact stream name was not specified. The virus is not detected. All streams beginning with "str" are scanned. The virus is detected. No streams were named. The virus is not detected. Scanning protected files The scanner normally scans files such as other users' profiles and recycle bins. To prevent this type of scanning in Windows NT or later systems, use /NOBKSEM. 18
![](/manual_guide/products/mcafee-vclcdeaada-product-guide-5363cf8/18.png)